Last week, the US Federal Trade Commission (FTC) interpreted its broad consumer protection mandate to file a first-of-its-kind enforcement action against the developer of three mobile stalkerware applications. The developer was banned from further selling the apps unless significant changes were made in design and functionality.
The FTC’s required changes address notification procedures and language, built-in mobile device security, written consent, and proper cybersecurity documentation and policies.
Together, the requirements potentially create the first set of “standards” for what an app must include if it has features that can monitor another user’s device. However, the potential impact of those requirements—which do not apply to any other current stalkerware developers—remains in question.
Two anti-stalker advocates—Erica Olsen, who leads the National Network to End Domestic Violence’s Safety Net program, and Eva Galperin, cybersecurity director at Electronic Frontier Foundation—welcomed news of the FTC case, though to varying degrees.
“I absolutely think this is exciting, and it’s needed, and it’s an important precedent to set,” Olsen said, adding that the FTC’s case is just a first step, and that extra work is needed to hold stalkerware makers and abusers fully accountable.
In speaking with Business Insider, Galperin worried about what the FTC actually targeted.
“I’ll take what I can get,” Galperin said. “The basis of the [FTC’s] action is not that [the stalkerware developer] is making stalkerware, it’s that they’re not making secure stalkerware.”
The FTC investigation
On October 22, stalkerware developer dealt
